[MNG-553] Secure Storage of Server Passwords

o Restored CLI commands to create encrypted passwords

git-svn-id: https://svn.apache.org/repos/asf/maven/components/trunk@803553 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Benjamin Bentmann 2009-08-12 15:17:42 +00:00
parent 177a887acb
commit 41145c05e4
2 changed files with 68 additions and 0 deletions

View File

@ -92,6 +92,10 @@ public class CLIManager
public static final String LOG_FILE = "l"; public static final String LOG_FILE = "l";
public static final String ENCRYPT_MASTER_PASSWORD = "emp";
public static final String ENCRYPT_PASSWORD = "ep";
private Options options; private Options options;
@SuppressWarnings("static-access") @SuppressWarnings("static-access")
@ -128,6 +132,8 @@ public class CLIManager
options.addOption( OptionBuilder.withLongOpt( "also-make-dependents" ).withDescription( "If project list is specified, also build projects that depend on projects on the list" ).create( ALSO_MAKE_DEPENDENTS ) ); options.addOption( OptionBuilder.withLongOpt( "also-make-dependents" ).withDescription( "If project list is specified, also build projects that depend on projects on the list" ).create( ALSO_MAKE_DEPENDENTS ) );
options.addOption( OptionBuilder.withLongOpt( "log-file" ).hasArg().withDescription( "Log file to where all build output will go." ).create( LOG_FILE ) ); options.addOption( OptionBuilder.withLongOpt( "log-file" ).hasArg().withDescription( "Log file to where all build output will go." ).create( LOG_FILE ) );
options.addOption( OptionBuilder.withLongOpt( "show-version" ).withDescription( "Display version information WITHOUT stopping build" ).create( SHOW_VERSION ) ); options.addOption( OptionBuilder.withLongOpt( "show-version" ).withDescription( "Display version information WITHOUT stopping build" ).create( SHOW_VERSION ) );
options.addOption( OptionBuilder.withLongOpt( "encrypt-master-password" ).hasArg().withDescription( "Encrypt master security password" ).create( ENCRYPT_MASTER_PASSWORD ) );
options.addOption( OptionBuilder.withLongOpt( "encrypt-password" ).hasArg().withDescription( "Encrypt server password" ).create( ENCRYPT_PASSWORD ) );
// Adding this back in for compatibility with the verifier that hard codes this option. // Adding this back in for compatibility with the verifier that hard codes this option.

View File

@ -30,6 +30,11 @@ import org.apache.maven.exception.ExceptionSummary;
import org.apache.maven.execution.MavenExecutionRequest; import org.apache.maven.execution.MavenExecutionRequest;
import org.apache.maven.execution.MavenExecutionResult; import org.apache.maven.execution.MavenExecutionResult;
import org.codehaus.plexus.classworlds.ClassWorld; import org.codehaus.plexus.classworlds.ClassWorld;
import org.sonatype.plexus.components.cipher.DefaultPlexusCipher;
import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecUtil;
import org.sonatype.plexus.components.sec.dispatcher.model.SettingsSecurity;
/** /**
* @author jason van zyl * @author jason van zyl
@ -160,6 +165,63 @@ public class MavenCli
return 1; return 1;
} }
try
{
if ( commandLine.hasOption( CLIManager.ENCRYPT_MASTER_PASSWORD ) )
{
String passwd = commandLine.getOptionValue( CLIManager.ENCRYPT_MASTER_PASSWORD );
DefaultPlexusCipher cipher = new DefaultPlexusCipher();
System.out.println( cipher.encryptAndDecorate( passwd,
DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION ) );
return 0;
}
else if ( commandLine.hasOption( CLIManager.ENCRYPT_PASSWORD ) )
{
String passwd = commandLine.getOptionValue( CLIManager.ENCRYPT_PASSWORD );
DefaultSecDispatcher dispatcher;
dispatcher = (DefaultSecDispatcher) mavenEmbedder.getPlexusContainer().lookup( SecDispatcher.class );
String configurationFile = dispatcher.getConfigurationFile();
if ( configurationFile.startsWith( "~" ) )
{
configurationFile = System.getProperty( "user.home" ) + configurationFile.substring( 1 );
}
String file = System.getProperty( DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION, configurationFile );
mavenEmbedder.getPlexusContainer().release( dispatcher );
String master = null;
SettingsSecurity sec = SecUtil.read( file, true );
if ( sec != null )
{
master = sec.getMaster();
}
if ( master == null )
{
System.err.println( "Master password is not set in the setting security file" );
return 1;
}
DefaultPlexusCipher cipher = new DefaultPlexusCipher();
String masterPasswd =
cipher.decryptDecorated( master, DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION );
System.out.println( cipher.encryptAndDecorate( passwd, masterPasswd ) );
return 0;
}
}
catch ( Exception e )
{
CLIReportingUtils.showError( "FATAL ERROR: " + "Error encrypting password: " + e.getMessage(), e, showErrors );
return 1;
}
MavenExecutionResult result = mavenEmbedder.execute( request ); MavenExecutionResult result = mavenEmbedder.execute( request );
try try